Adapting firewalls for the virtual age

Firewalls have long been a fixture in network security plans, but how will they transition into the new age of technology? Ellen Messmer of Network World wrote that vendors are now trying to build next-generation firewalls (NGFWs) to help improve cloud and virtualization security. These solutions aim to help organizations monitor and control access based on how applications are used, and will likely include tools such as web filtering, malware protection and data loss prevention, among others.

One professional, Rusty Agee, information security engineer for the City of Charlotte, N.C., told Messmer that firewalls have been evolving and said he is always looking for more features from this technology. Especially in an age where employees are bringing their own devices, organizations must be prepared for any security issues that may arise. His own city has been using a program to help establish VPN-like connections back to the city's firewall, which makes use of standalone IPS to coordinate traffic to data centers, servers and the city's network. The city is also using another next-generation firewall to monitor and control how employees use applications.

"Firewalls and IPS, in fact, seem to be able to live almost anywhere," Messmer wrote. "One example is the Fortinet Secure Wireless LAN, which is basically a wireless-access point and switch integrated into a unified threat management device supporting firewall and IPS capability."

Fortinet Vice President of Marketing John Maddison said retail store chains have been using these tools as a way to get wireless coverage integrated with security, something that businesses have been missing for years.

Technology journalist Frank Ohlhorst wrote on Network Computing that these services have new approaches that can be helpful to modern businesses, including deep packet inspection and visualization of network traffic exploits. However, these approaches can bring complexities of their own, such as latency and more overhead than a company may want. This is why the adoption of these firewalls needs oversight: organizations will surely need them for improved virtualization security, but they must also keep in mind how the firewalls will affect other areas of the organization.

Ohlhorst said when utilized correctly, data from these tools can be used to normalize standard communication and make detection more effective than ever before.

"The gathered data can also be used for statistical analysis, as well as for forensics–giving administrators a full picture of what is going on in regard to traffic," he wrote on Network Computing. "That enables administrators to perform capacity planning, troubleshoot problems or monitor what individual employees are doing throughout the day."